| description | external help file | Module Name | ms.date | online version | schema | title |
|---|---|---|---|---|---|---|
The Remove-MpPreference cmdlet removes exclusions for file name extensions, paths, and processes, or default actions for high, moderate, and low threats. |
MSFT_MpPreference.cdxml-help.xml |
Defender |
12/20/2016 |
2.0.0 |
Remove-MpPreference |
Removes exclusions or default actions.
Remove-MpPreference
[-AllowDatagramProcessingOnWinServer]
[-AllowNetworkProtectionDownLevel]
[-AllowNetworkProtectionOnWinServer]
[-AsJob]
[-AttackSurfaceReductionOnlyExclusions <String[]>]
[-AttackSurfaceReductionRules_Actions <ASRRuleActionType[]>]
[-AttackSurfaceReductionRules_Ids <String[]>]
[-CheckForSignaturesBeforeRunningScan]
[-CimSession <CimSession[]>]
[-CloudBlockLevel]
[-CloudExtendedTimeout]
[-ControlledFolderAccessAllowedApplications <String[]>]
[-ControlledFolderAccessProtectedFolders <String[]>]
[-DisableArchiveScanning]
[-DisableAutoExclusions]
[-DisableBehaviorMonitoring]
[-DisableBlockAtFirstSeen]
[-DisableCatchupFullScan]
[-DisableCatchupQuickScan]
[-DisableCpuThrottleOnIdleScans]
[-DisableDatagramProcessing]
[-DisableDnsOverTcpParsing]
[-DisableDnsParsing]
[-DisableEmailScanning]
[-DisableGradualRelease]
[-DisableHttpParsing]
[-DisableIOAVProtection]
[-DisableInboundConnectionFiltering]
[-DisableIntrusionPreventionSystem]
[-DisablePrivacyMode]
[-DisableRdpParsing]
[-DisableRealtimeMonitoring]
[-DisableRemovableDriveScanning]
[-DisableRestorePoint]
[-DisableScanningMappedNetworkDrivesForFullScan]
[-DisableScanningNetworkFiles]
[-DisableScriptScanning]
[-DisableSshParsing]
[-DisableTlsParsing]
[-EnableControlledFolderAccess]
[-EnableDnsSinkhole]
[-EnableFileHashComputation]
[-EnableFullScanOnBatteryPower]
[-EnableLowCpuPriority]
[-EnableNetworkProtection]
[-EngineUpdatesChannel]
[-ExclusionExtension <String[]>]
[-ExclusionIpAddress <String[]>]
[-ExclusionPath <String[]>]
[-ExclusionProcess <String[]>]
[-ForceUseProxyOnly]
[-Force]
[-HighThreatDefaultAction]
[-LowThreatDefaultAction]
[-MAPSReporting]
[-MeteredConnectionUpdates]
[-ModerateThreatDefaultAction]
[-PUAProtection]
[-PlatformUpdatesChannel]
[-ProxyBypass]
[-ProxyPacUrl]
[-ProxyServer]
[-QuarantinePurgeItemsAfterDelay]
[-RandomizeScheduleTaskTimes]
[-RealTimeScanDirection]
[-RemediationScheduleDay]
[-RemediationScheduleTime]
[-ReportingAdditionalActionTimeOut]
[-ReportingCriticalFailureTimeOut]
[-ReportingNonCriticalTimeOut]
[-ScanAvgCPULoadFactor]
[-ScanOnlyIfIdleEnabled]
[-ScanParameters]
[-ScanPurgeItemsAfterDelay]
[-ScanScheduleDay]
[-ScanScheduleQuickScanTime]
[-ScanScheduleTime]
[-SchedulerRandomizationTime]
[-SevereThreatDefaultAction]
[-SharedSignaturesPath]
[-SignatureAuGracePeriod]
[-SignatureBlobFileSharesSources]
[-SignatureBlobUpdateInterval]
[-SignatureDefinitionUpdateFileSharesSources]
[-SignatureDisableUpdateOnStartupWithoutEngine]
[-SignatureFallbackOrder]
[-SignatureFirstAuGracePeriod]
[-SignatureScheduleDay]
[-SignatureScheduleTime]
[-SignatureUpdateCatchupInterval]
[-SignatureUpdateInterval]
[-SignaturesUpdatesChannel]
[-SubmitSamplesConsent]
[-ThreatIDDefaultAction_Actions <ThreatAction[]>]
[-ThreatIDDefaultAction_Ids <Int64[]>]
[-ThrottleLimit <Int32>]
[-UILockdown]
[-UnknownThreatDefaultAction]
[<CommonParameters>]
The Remove-MpPreference cmdlet removes exclusions for file name extensions, paths, and processes, or default actions for high, moderate, and low threats. If you attempt to remove an exclusion that is not in the list, this cmdlet reports the error.
Remove-MpPreference -ExclusionPath "C:\Temp"This command removes the folder C:\Temp from the exclusion list.
Remove-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Windows\App.exe"This command will exclude only that specific file app.exe in that specific folder.
Indicates that the cmdlet removes whether to disable inspection of UDP connections on Windows Server.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: adpows
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to allow network protection to be set to Enabled or Audit Mode on Windows versions before 1709.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: anpdl
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to allow network protection to be set to Enabled or Audit Mode for Windows Server.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: anpws
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseRuns the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.
The cmdlet immediately returns an object that represents the job and then displays the command prompt.
You can continue to work in the session while the job completes.
To manage the job, use the *-Job cmdlets.
To get the job results, use the Receive-Job cmdlet.
For more information about Windows PowerShell background jobs, see about_Jobs.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the files and paths to exclude from Attack Surface Reduction (ASR) rules. Specify the folders or files and resources that should be excluded from ASR rules. Enter a folder path or a fully qualified resource name. For example, ""C:\Windows"" will exclude all files in that directory. ""C:\Windows\App.exe"" will exclude only that specific file in that specific folder.
For more information about excluding files and folders from ASR rules.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the states of attack surface reduction rules specified by using the AttackSurfaceReductionRules_Ids parameter. If you add multiple rules as a comma-separated list, specify their states separately as a comma-separated list.
Type: ASRRuleActionType[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the states of attack surface reduction rules specified by using the AttackSurfaceReductionRules_Ids parameter. If you add multiple rules as a comma-separated list, specify their states separately as a comma-separated list.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to check for new virus and spyware definitions before Windows Defender runs a scan.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: csbr
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseRuns the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.
Type: CimSession[]
Parameter Sets: (All)
Aliases: Session
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies a cloud block level. This value determines how aggressive Microsoft Defender Antivirus is in blocking and scanning suspicious files.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the amount of extended time to block a suspicious file and scan it in the cloud. Standard time is 10 seconds. Extend by up to 50 seconds.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cloudextimeout
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies applications that can make changes in controlled folders.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies more folders to protect.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to scan archive files, such as .zip and .cab files, for malicious and unwanted software.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: darchsc
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to disable the Automatic Exclusions feature for the server.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: dae
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to enable behavior monitoring.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: dbm
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to enable block at first seen.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: dbaf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether Windows Defender runs catch-up scans for scheduled full scans.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: dcfsc
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether Windows Defender runs catch-up scans for scheduled quick scans.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: dcqsc
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether the CPU will be throttled for scheduled scans while the device is idle.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to disable inspection of UDP connections.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: ddtgp
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to disable inspection of DNS traffic that occurs over a TCP channel.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: ddnstcpp
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to disable inspection of DNS traffic that occurs over a UDP channel.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: ddnsp
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether Windows Defender parses the mailbox and mail files, according to their specific format, in order to analyze mail bodies and attachments.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: demsc
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to disable gradual rollout of monthly and daily Windows Defender updates. If you enable this option, devices are offered all updates after the gradual release cycle finishes. Consider this option for datacenter computers that only receive limited updates.
This setting applies to both monthly and daily updates. It overrides any previously configured channel selections for platform and engine updates.
If you disable or do not configure this policy, the device remains in Current Channel (Default) unless specified otherwise in specific channels for platform and engine updates. The device stays up to date automatically during the gradual release cycle, which is suitable for most devices.
This policy is available starting with platform version 4.18.2106.5 and later.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: dgr
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether disable inspection of HTTP traffic.
If EnableNetworkProtection has the value Enabled, HTTP connections to malicious websites can be blocked.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: dhttpp
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to inspect only outbound connections. By default, Network Protection inspects both inbound and outbound connections.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: dicf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to configure network protection against exploitation of known vulnerabilities.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: dips
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether Windows Defender scans all downloaded files and attachments.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: dioavp
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to disable privacy mode.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: dpm
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to inspect only outbound connections. By default, Network Protection inspects both inbound and outbound connections.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: drdpp
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to use real-time protection.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: drtm
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to scan for malicious and unwanted software in removable drives, such as flash drives, during a full scan.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: drdsc
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to disable scanning of restore points.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: drp
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to scan mapped network drives.
If you specify a value of $False or do not specify a value, Windows Defender scans mapped network drives.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: dsmndfsc
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to scan for network files.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: dsnf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to disable the scanning of scripts during malware scans. If you specify a value of $False or do not specify a value, Windows Defender does not scan scripts.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: dscrptsc
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to disable inspection of SSH traffic. By default, Network Protection inspects SSH traffic.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: dsshp
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to disable inspection of TLS traffic, also known as HTTPS. By default, Network Protection inspects TLS traffic.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: dtlsp
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes the state for the controlled folder access feature. Valid values are Disabled, Enabled, and Audit Mode.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to examine DNS traffic to detect and sinkhole DNS exfiltration attempts and other DNS based malicious attacks.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: ednss
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to enable file hash computation. When this feature is enabled, Windows Defender computes hashes for files it scans.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: efhc
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether Windows Defender does a full scan while on battery power.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: efsobp
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether Windows Defender uses low CPU priority for scheduled scans.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: elcp
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies how the Network Protection Service handles web-based malicious threats, including phishing and malware. Possible values are Disabled, Enabled, and AuditMode.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies when devices receive Microsoft Defender engine updates during the monthly gradual rollout.
Valid values are:
- NotConfigured. Devices stay up to date automatically during the gradual release cycle. This value is suitable for most devices.
- Beta. Devices are the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. This value is for use in manual test environments only and a limited number of devices.
- Broad. Devices are offered updates only after the gradual release cycle completes. This value is suggested for a broad set of devices in your production population, from 10 to 100 percent.
- Preview. Devices are offered updates earliest during the monthly gradual release cycle. This value is suggested for pre-production or validation environments.
- Staged. Devices are offered updates after the monthly gradual release cycle. This value is suggested for a small, representative part of your production population, around 10 percent.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: erelr
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies an array of file name extensions, such as obj or lib, to exclude from scheduled, custom, and real-time scanning. This cmdlet removes the exclusions that you specify.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies an array of IP addresses to exclude from scheduled and real-time scanning.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies an array of file paths to exclude from scheduled and real-time scanning. This cmdlet removes the exclusions that you specify.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies an array of processes, as paths to process images. This cmdlet removes exclusions of files opened by the processes that you specify.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseForces the command to run without asking for user confirmation.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseRemoves whether to force the device to use only the proxy.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: fupo
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that this cmdlet removes the automatic remediation action specified for the high threat alert level.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: htdefac
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that this cmdlet removes the automatic remediation action specified for the low threat alert level.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: ltdefac
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes membership in Microsoft Active Protection Service.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to update managed devices to update through metered connections. Data charges may apply.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: mcupd
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that this cmdlet removes the automatic remediation action specified for the moderate threat alert level.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: mtdefac
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies when devices receive Microsoft Defender platform updates during the monthly gradual rollout.
Valid values are:
- NotConfigured. Devices stay up to date automatically during the gradual release cycle. This value is suitable for most devices.
- Beta. Devices are the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. This value is for use in manual test environments only and a limited number of devices.
- Broad. Devices are offered updates only after the gradual release cycle completes. This value is suggested for a broad set of devices in your production population, from 10 to 100 percent.
- Preview. Devices are offered updates earliest during the monthly gradual release cycle. This value is suggested for pre-production or validation environments.
- Staged. Devices are offered updates after the monthly gradual release cycle. This value is suggested for a small, representative part of your production population, around 10 percent.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: prelr
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies proxy bypasses.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: proxbps
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the Privilege Attribute Certificate (PAC) proxy.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: ppurl
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the proxy server.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: proxsrv
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the level of detection for potentially unwanted applications. When potentially unwanted software is downloaded or attempts to install itself on your computer, you are warned.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified number of days to keep items in the Quarantine folder.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: qpiad
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to select a random time for the scheduled start and scheduled update for definitions.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: rstt
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified scanning configuration for incoming and outgoing files on NTFS volumes.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: rtsd
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified day of the week on which to perform a scheduled full scan in order to complete remediation.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: rsd
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified time of day, as the number of minutes after midnight, to perform a scheduled scan.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: rst
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified number of minutes before a detection in the additional action state changes to the cleared state.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: raat
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified the number of minutes before a detection in the critically failed state changes to either the additional action state or the cleared state.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: rcto
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified number of minutes before a detection in the non-critically failed state changes to the cleared state.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: rncto
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified maximum percentage CPU usage for a scan.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: saclf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to start scheduled scans only when the computer is not in use.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: soiie
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified scan type to use during a scheduled scan.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified number of days to keep items in the scan history folder.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: spiad
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified the day of the week on which to perform a scheduled scan.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: scsd
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified time of day, as the number of minutes after midnight, to perform a scheduled quick scan.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: scsqst
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified time of day, as the number of minutes after midnight, to perform a scheduled scan.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: scst
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the randomization time for the scheduler.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: srt
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that this cmdlet removes the automatic remediation action specified for the severe threat alert level.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: stdefac
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the shared signatures path.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: ssp, SecurityIntelligenceLocation, ssl
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified grace period, in minutes, for the definition.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: sigagp
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the file shares sources for signatures.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: sigbfs
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes the signature update interval.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: sigbui
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified file-share sources for definition updates.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: sigdufss
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to initiate definition updates even if no antimalware engine is present.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: sigduoswo
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified order in which to contact different definition update sources.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: sfo
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified grace period, in minutes, for the definition.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: sigfagp
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified day of the week on which to check for definition updates.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: sigsd
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified time of day, as the number of minutes after midnight, to check for definition updates.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: sigst
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies when devices receive daily Microsoft Defender definition updates during the monthly gradual rollout.
Valid values are:
- NotConfigured. Devices stay up to date automatically during the gradual release cycle. This value is suitable for most devices.
- Broad. Devices are offered updates only after the gradual release cycle completes. This value is suggested for a broad set of devices in your production population, from 10 to 100 percent.
- Staged. Devices are offered updates after the monthly gradual release cycle. This value is suggested for a small, representative part of your production population, around 10 percent.
This parameter name will be updated to DefinitionUpdatesChannel in a future release.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: srelr
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified number of days after which Windows Defender requires a catch-up definition update.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: siguci
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes specified interval at which to check for definition updates.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: sigui
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes how Windows Defender checks for user consent for certain samples.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies an array of the actions to take for the IDs specified by using the ThreatIDDefaultAction_Ids parameter. The acceptable values for this parameter are:
- 1: Clean
- 2: Quarantine
- 3: Remove
- 6: Allow
- 8: UserDefined
- 9: NoAction
- 10: Block
Note
A value of 0 (NULL) applies an action based on the Security Intelligence Update (SIU). This is the default value.
Type: ThreatAction[]
Parameter Sets: (All)
Aliases: tiddefaca
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies an array of threat IDs. This cmdlet removes the default actions for the threat IDs that you specify.
Type: Int64[]
Parameter Sets: (All)
Aliases: tiddefaci
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the maximum number of concurrent operations that can be established to run the cmdlet.
If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer.
The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that the cmdlet removes whether to disable UI lockdown mode.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIndicates that this cmdlet removes the automatic remediation action specified for the unknown threat alert level.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: unktdefac
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThis cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.